Protect your trade secrets
For a little more than half a year now, the Law on the Protection of Trade Secrets (GeschGehG) (the “Law”) has been in force. In implementation of the EU Directive 2016/943, the Law brought about some fundamental changes in the area of protection of trade secrets.
Not all companies have already adapted to this. It is however highly recommended to initiate the necessary steps for protecting the respective trade secrets in accordance with the Law (irrespective of contractual agreements protecting trade secrets, with employees or third parties). In particular, under the Law, for information to be classified as a trade secret it must be “subject to reasonable steps to keep it secret under the circumstances by its lawful owner“. If this is not the case, the relevant information is not protected thereunder.
- In particular, the legally regulated prohibitions of action with regard to obtaining, using or disclosing trade secrets as well as the legally regulated claims in the event of infringements are not applicable (in particular, elimination, destruction, damages; the proximity to classic intellectual property rights is obvious).
- And the criminal law provisions in the Law do not intervene either; they also link to the concept of trade secrets, i.e. in this respect it is a prerequisite that the respective information is subject to reasonable steps to keep it secret, as described above (this was not necessary before the Law came into existence, i.e. under former sec. 17 of the Law against Unfair Competition (UWG) which covered trade and business secrets).
It depends on the individual case what has to be done to fulfil the criterion of taking “reasonable steps”. However, it is clear that a differentiated protection concept is necessary, depending on the circumstances (including capabilities, which depend inter alia on the size of the company; large companies typically have more options than small sized companies).
In order to implement an appropriate protection concept, first of all, the relevant pieces of information should be identified. As a second step, taking into account the respective possibilities/options the company has, it should be defined which degree of protection is necessary with respect to such information, and as a third step an overall concept for the protection of trade secrets should be developed which could be implemented in practice as efficiently and effectively as possible. In particular, this should include measures such as the establishment of technical/organizational barriers to unauthorized access; Art. 32 of the General Data Protection Regulation can provide some guidance in this respect. In addition, appropriate contractual agreements should be made, in particular with employees and third parties such as customers, suppliers and distribution partners.
In this respect, companies should also review their current confidentiality agreements/NDAs. In particular, they should ensure that the subject matter and scope of protection are clearly defined therein, and that the respective measures taken to protect confidential information are reasonable.